Tutorial Using TOR to unblock sites blocked by ISP on [Fork] Asuswrt-Merlin 374 LTS

MON@H Rasta

Occasional Visitor
  1. Install MicroSD into device.
  2. Format MicroSD as a single partition and install Entware on it using amtm.
  3. Bash:
    opkg update ; opkg upgrade ; opkg install tor tor-geoip bind-dig
  4. Create another file
    Bash:
    nano /jffs/scripts/init_ipset.sh
    Insert this and save the file
    Bash:
    modprobe ip_set
    modprobe ip_set_iphash
    modprobe ip_set_nethash
    modprobe ip_set_setlist
    
    ipset --create unblock iphash
    Now give execution rights
    Bash:
    chmod +x /jffs/scripts/init_ipset.sh
    Create another file
    Bash:
    nano /jffs/scripts/services-start
    Insert this and save the file
    Bash:
    #!/bin/sh
    # This script get called after all other system services
    # have been started at boot on router
    # ---------------------------------------------------------
    
    # Cron job to install after reboot
    cru a unblock-ipset "3 3 * * * /jffs/scripts/unblock_update.sh"
    Now give execution rights
    Bash:
    chmod +x /jffs/scripts/services-start
    Create another file
    Bash:
    nano /jffs/scripts/nat-start
    Insert this code
    Bash:
    #!/bin/sh
    iptables -t nat -A PREROUTING -i br0 -p tcp -m set --set unblock dst -j REDIRECT --to-port 9141
    Save and give execution rights
    Bash:
    chmod +x /jffs/scripts/nat-start
  5. Bash:
    cat /dev/null > /opt/etc/tor/torrc
    Bash:
    nano /opt/etc/tor/torrc
    And insert your edited settings. Please note that admin is the username that is used to log into the router's web interface! If changed, replace with your own
    Bash:
    User admin
    PidFile /opt/var/run/tor.pid
    ExcludeExitNodes {RU},{UA},{AM},{KG},{BY}
    StrictNodes 1
    TransPort 192.168.1.1:9141
    ExitRelay 0
    ExitPolicy reject *:*
    ExitPolicy reject6 *:*
    GeoIPFile /opt/share/tor/geoip
    GeoIPv6File /opt/share/tor/geoip6
    DataDirectory /opt/var/lib/tor
    Exclude output nodes: Russia, Ukraine, Armenia, Kyrgyzstan, Belarus.
    Hang up a "transparent" proxy at 192.168.1.1, port 9141.
    Forbid being an exit point.
  6. unblock.txt - a simple list to unblock. You can unblock domain or IP address. One line - one item. Blank lines (including those with spaces and tabs) are ignored. You can use the # character at the beginning of a line to ignore. Create a new file with the command
    Bash:
    nano /tmp/mnt/microsd/dnsmasq/unblock.txt
    Insert our list into it. Use your own list, this is just an example!
    Bash:
    ###Torrent-trackers
    rutracker.org
    rutor.info
    rutor.is
    mega-tor.org
    kinozal.tv
    nnm-club.me
    nnm-club.ws
    tfile.me
    tfile-home.org
    tfile1.cc
    megatfile.cc
    megapeer.org
    megapeer.ru
    tapochek.net
    tparser.org
    tparser.me
    rustorka.com
    uniongang.tv
    fast-torrent.ru
    
    ###Media content directories for programs
    rezka.ag
    hdrezka.ag
    hdrezka.me
    filmix.co
    filmix.cc
    seasonvar.ru
    
    ###Books
    lib.rus.ec
    flibusta.is
    flibs.me
    flisland.net
    flibusta.site
    
    ###Telegram
    telegram.org
    tdesktop.com
    tdesktop.org
    tdesktop.info
    tdesktop.net
    telesco.pe
    telegram.dog
    telegram.me
    t.me
    telegra.ph
    web.telegram.org
    desktop.telegram.org
    updates.tdesktop.com
    venus.web.telegram.org
    flora.web.telegram.org
    vesta.web.telegram.org
    pluto.web.telegram.org
    aurora.web.telegram.org
    
    ###misc
    7-zip.org
    edem.tv
    4pna.com
    2019.vote
    
    ###Tor check
    check.torproject.org
    
    ###Example of unblocking by IP (remove the # at the beginning of the line)
    #195.82.146.214
  7. Create a new file with the command
    Bash:
    nano /jffs/scripts/unblock_ipset.sh
    Insert the following into it
    Bash:
    #!/bin/sh
    until ADDRS=$(dig +short google.com @localhost) && [ -n "$ADDRS" ] > /dev/null 2>&1; do sleep 5; done
    
    while read line || [ -n "$line" ]; do
    
    [ -z "$line" ] && continue
    [ "${line:0:1}" = "#" ] && continue
    
    addr=$(echo $line | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
    
    if [ ! -z "$addr" ]; then
    if ipset --test unblock $addr | grep NOT; then
    ipset -q --add unblock $addr
    continue
    fi
    fi
    
    dig +short $line @localhost | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("if ipset --test unblock " $1 " | grep NOT; then ipset -q --add unblock " $1 "; fi")}'
    
    done < /tmp/mnt/microsd/dnsmasq/unblock.txt
    Save the file and give the rights to execute it
    Bash:
    chmod +x /jffs/scripts/unblock_ipset.sh
  8. Create a new file with the command
    Bash:
    nano /jffs/scripts/unblock_dnsmasq.sh
    Insert the following into it
    Bash:
    #!/bin/sh
    cat /dev/null > /tmp/mnt/microsd/dnsmasq/unblock.dnsmasq
    
    while read line || [ -n "$line" ]; do
    
    [ -z "$line" ] && continue
    [ "${line:0:1}" = "#" ] && continue
    
    echo $line | grep -Eq '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' && continue
    
    echo "ipset=/$line/unblock" >> /tmp/mnt/microsd/dnsmasq/unblock.dnsmasq
    
    done < /tmp/mnt/microsd/dnsmasq/unblock.txt
    Save the file and give rights to execute
    Bash:
    chmod +x /jffs/scripts/unblock_dnsmasq.sh
    Then we execute the script
    Bash:
    /jffs/scripts/unblock_dnsmasq.sh
    Check that the file has been created and there are records in it
    Bash:
    cat /tmp/mnt/microsd/dnsmasq/unblock.dnsmasq
    There must be something like this
    Bash:
    # cat /tmp/mnt/microsd/dnsmasq/unblock.dnsmasq
    ipset=/rutracker.org/unblock
    ipset=/rutor.info/unblock
    ipset=/rutor.is/unblock
    ipset=/mega-tor.org/unblock
    ipset=/kinozal.tv/unblock
    ipset=/nnm-club.me/unblock
    ipset=/nnm-club.ws/unblock
    ipset=/tfile.me/unblock
    ipset=/tfile-home.org/unblock
    ipset=/tfile1.cc/unblock
    ipset=/megatfile.cc/unblock
    ipset=/megapeer.org/unblock
    ipset=/megapeer.ru/unblock
    ipset=/tapochek.net/unblock
    ipset=/tparser.org/unblock
    ipset=/tparser.me/unblock
    ipset=/rustorka.com/unblock
    ipset=/uniongang.tv/unblock
    ipset=/fast-torrent.ru/unblock
  9. Create a new file with the command
    Bash:
    nano /jffs/scripts/unblock_update.sh
    Insert the following into it
    Bash:
    #!/bin/sh
    ipset --flush unblock
    
    /jffs/scripts/unblock_dnsmasq.sh
    service restart_dnsmasq
    sleep 3
    /jffs/scripts/unblock_ipset.sh &
    Save the file and give rights to execute
    Bash:
    chmod +x /jffs/scripts/unblock_update.sh
    After editing your unblock.txt file, you simply run this script to apply the new configuration without the need to restart the router.
  10. Create a new file with the command
    Bash:
    nano /opt/etc/init.d/S99unblock
    Insert the following into it
    Bash:
    [ "$1" != "start" ] && exit 0
    
    /jffs/scripts/init_ipset.sh
    /jffs/scripts/unblock_ipset.sh
    service restart_firewall
    save the file and give rights to execute
    Bash:
    chmod +x /opt/etc/init.d/S99unblock
  11. We need to connect the created unblock.dnsmasq file to dnsmasq. To do this, open the file in the editor
    Bash:
    nano /jffs/configs/dnsmasq.conf.add
    Add at the end:
    Bash:
    conf-file=/tmp/mnt/microsd/dnsmasq/unblock.dnsmasq
    If you want (this is optional), you can add an additional server for resolving and reliability:
    Bash:
    server=8.8.8.8

    I have a ton of spam in log like
    Bash:
    Dec 8 23:17:11 dnsmasq[30532]: failed to update ipset unblock: File exists
    Dec 8 23:17:11 dnsmasq[30532]: failed to update ipset unblock: File exists
    Dec 8 23:17:11 dnsmasq[30532]: failed to update ipset unblock: File exists
    Dec 8 23:17:11 dnsmasq[30532]: failed to update ipset unblock: File exists
    Dec 8 23:17:11 dnsmasq[30532]: failed to update ipset unblock: File exists
    Dec 8 23:17:11 dnsmasq[30532]: failed to update ipset unblock: File exists
    Dec 8 23:17:12 dnsmasq[30532]: failed to update ipset unblock: File exists
    Dec 8 23:17:12 dnsmasq[30532]: failed to update ipset unblock: File exists
    I guess I need to check if IP is already in IP_SET before adding it there, so my question is how to modify the script properly? And any other suggestions are welcome as well.
UPD: script updated, no more spam.
 
Last edited:
I don't have the same setup as you so I can't confirm this but I don't see why you are putting those two commands in /jffs/scripts/post-mount.

If the idea is that they need to run after the USB drive is mounted (because Entware is required) then they should be in /opt/etc/init.d/S99unblock. (I'm assuming Entware is installed on /tmp/mnt/microsd)

Also, you shouldn't really be running nat-start directly but using service restart_firewall instead.
 
Last edited:
@ColinTaylor, I need to add this to iptables on router startup:
Bash:
#!/bin/sh
iptables -t nat -A PREROUTING -i br0 -p tcp -m set --set unblock dst -j REDIRECT --to-port 9141
File name was chosen according to this. I don't really understand how it is related to service restart_firewall

And yes, post-mount was chosen to be sure that MicroSD is mounted (again, according to this).
How can running init.d guarantee that MicroSD is mounted?
 
@ColinTaylor, I need to add this to iptables on router startup:
Bash:
#!/bin/sh
iptables -t nat -A PREROUTING -i br0 -p tcp -m set --set unblock dst -j REDIRECT --to-port 9141
File name was chosen according to this. I don't really understand how it is related to service restart_firewall
Those scripts are designed to run when certain events occur on the router, e.g. the WAN interface comes up. They are not intended to be run directly. If you need to make changes to the firewall then you should run service restart_firewall which (among other things) will call nat-start in the correct manner.

And yes, post-mount was chosen to be sure that MicroSD is mounted (again, according to this).
How can running init.d guarantee that MicroSD is mounted?
When you installed Entware it would have made all the necessary changes to the startup scripts. /opt/etc/init.d/ is the Entware startup directory and resides on the USB drive (/opt is a symbolic link) therefore for that directory to exist it must have already been mounted. Startup scripts that use Entware functions (like dig) should be run from /opt/etc/init.d/ to guarantee those functions are available.

This is assuming that you have a single USB partition (/tmp/mnt/microsd) that contains Entware and your unblock.txt file. If you have files spread across multiple partitions things become much more complicated because you cannot guarantee the order in which they are mounted.
 
@ColinTaylor, got it, thanks. Modified tutorial according to this.

Now only the question of proper usage of IP_SET to avoid spam remains. I have modified the first part of the script to check if the IP is in IP_SET before adding it, but I'm not sure how to add this check to the second part of the script
Bash:
if [ ! -z "$addr" ]; then
  if [ ! ipset -T unblock $addr ]; then
    ipset -q --add unblock $addr
    continue
  fi
fi

dig +short $line @localhost | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("ipset -q --add unblock "$1)}'
Bash:
RT-N66U:/jffs/scripts# ipset --help
ipset v4.5

Usage: ipset -N new-set settype [options]
       ipset -[XFLSH] [set] [options]
       ipset -[EW] from-set to-set
       ipset -[ADT] set IP
       ipset -R
       ipset -v
       ipset -h (print this help information)

Commands:
Either long or short options are allowed.
  --create  -N setname settype <options>
                    Create a new set
  --destroy -X [setname]
                    Destroy a set or all sets
  --flush   -F [setname]
                    Flush a set or all sets
  --rename  -E from-set to-set
                    Rename from-set to to-set
  --swap    -W from-set to-set
                    Swap the content of two existing sets
  --list    -L [setname] [options]
                    List the IPs in a set or all sets
  --save    -S [setname]
                    Save the set or all sets to stdout
  --restore -R [option]
                    Restores a saved state
  --add     -A setname IP
                    Add an IP to a set
  --del     -D setname IP
                    Deletes an IP from a set
  --test    -T setname IP
                    Tests if an IP exists in a set.
  --help    -H [settype]
                    Prints this help, and settype specific help
  --version -V
                    Prints version information

Options:
  --sorted     -s   Numeric sort of the IPs in -L
  --numeric    -n   Numeric output of addresses in a -L (default)
  --resolve    -r   Try to resolve addresses in a -L
  --quiet      -q   Suppress any output to stdout and stderr.
 
Last edited:
Might I suggest that you change service restart_dhcpd to service restart_dnsmasq as your objective is to restart the DNS server not change the state of the DHCP server (even though in reality they are the same process).
 
I would also look into piping ipset add statements into a | awk '!x[$0]++' | ipset restore statement like Adamm does throughout Skynet. The awk eliminates duplicates. Not a full solution here, but a hint on how to get ideas from others' scripts.
 
I think the dnsmasq logs may be because you are trying to add the FQDN entries twice....once in the ipset script with the dig statement and then again with dnsmasq ipset=. Just use the dnsmasq setup.
 
@ColinTaylor, fixed, thanks.
@dave14305, you mean this one (github)?
@john9527, the issue is that in the original manual the author is using
Bash:
ipset -exist add unblock
but ipset v4.5 doesn't support -exists, so I need to add a check if IP exists before adding it.

Something like this, I guess
Bash:
if [ ! -z "$addr" ]; then
  if [ ! ipset -T unblock $addr ]; then
    ipset -q --add unblock $addr
    continue
  fi
fi

dig +short $line @localhost | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("if [ ! ipset --test unblock " $1 " ]; then ipset -q --add unblock " $1 "; fi")}'

But I get [: --test: unknown operand
 
Last edited:
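
The `[: --test: unknown operand` error above comes from placing a command inside `[ ]`, where its words are parsed as a test expression instead of being run. The sketch below is an added example, not code from the thread: it branches on the exit status of `ipset --test`, validates each address strictly, and removes duplicates with the `awk '!x[$0]++'` idiom suggested earlier. The function names are hypothetical, `ipset` is a constructed stand-in so the logic runs offline, and it assumes the real `--test` exits non-zero for an IP that is not in the set.

```shell
#!/bin/sh
# Added example (not from the thread). `ipset` here is a constructed stand-in
# backed by a temp file so the logic runs offline. Assumption: the real
# `ipset --test` exits 0 when the IP is in the set, non-zero otherwise.
SET_FILE=$(mktemp)
trap 'rm -f "$SET_FILE"' EXIT

ipset() {
    quiet=0
    if [ "$1" = "-q" ]; then quiet=1; shift; fi
    case "$1" in
        --test|-T)  grep -qxF "$3" "$SET_FILE" ;;
        --flush|-F) : > "$SET_FILE" ;;
        --add|-A)
            if grep -qxF "$3" "$SET_FILE"; then
                [ "$quiet" -eq 1 ] || echo "ipset: $3 already in set" >&2
                return 1
            fi
            echo "$3" >> "$SET_FILE" ;;
    esac
}

# Strict dotted-quad check: exactly four octets, each 0-255. The thread's
# grep pattern '[0-9]{1,3}\.…' would also accept 999.999.999.999.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# `[ ! ipset -T unblock $addr ]` never runs ipset: the words become operands
# of `[`. `if ! command; then` tests the command's exit status instead.
add_if_missing() {
    is_ipv4 "$1" || return 2
    if ! ipset --test unblock "$1"; then
        ipset -q --add unblock "$1"
    fi
}

# Read candidate addresses on stdin, drop repeats, add each one at most once.
# Values are passed as quoted arguments, never pasted into a command string.
add_unique() {
    awk '!seen[$0]++' | while IFS= read -r ip; do
        add_if_missing "$ip" || echo "skipped: $ip" >&2
    done
}

set_size() {
    wc -l < "$SET_FILE" | tr -d ' '
}

# Constructed sample input: a duplicate, an out-of-range address and a line
# carrying extra characters after the address.
printf '%s\n' 192.0.2.10 192.0.2.10 198.51.100.7 999.1.1.1 '192.0.2.99;x' | add_unique
echo "entries in set: $(set_size)"
```

On the router, the stdin of `add_unique` would be the output of `dig +short "$line" @localhost`, with the stand-in function removed so the real `ipset` binary is called.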
I know this is old, but in case someone ever wonders, the solution was simple, no more spam in log :)
Bash:
#!/bin/sh

until ADDRS=$(dig +short google.com @localhost) && [ -n "$ADDRS" ] > /dev/null 2>&1; do sleep 5; done

while read line || [ -n "$line" ]; do

  [ -z "$line" ] && continue
  [ "${line:0:1}" = "#" ] && continue

  addr=$(echo $line | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')

  if [ ! -z "$addr" ]; then
    if ipset --test unblock $addr | grep NOT; then
      ipset -q --add unblock $addr
      continue
    fi
  fi
 
  dig +short $line @localhost | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("if ipset --test unblock " $1 " | grep NOT; then ipset -q --add unblock " $1 "; fi")}'

done < /tmp/mnt/microsd/dnsmasq/unblock.txt
 
How many ISPs are actually blocking sites versus tinkering with DNS? It seems like at ISP scales it would be resource intensive to actually block packets destined for certain domains as you'd have to intercept the SSL/TLS handshake to grab the hostname and compare it to a list of banned domains.
 
Well, IDK about your question, but I'm from Ukraine and we have a list of domains that ISPs must block because of a government decision. In Russia there is even a federal executive agency called Roskomnadzor that forces ISPs to block sites. So for those who have a similar problem or just want certain sites to be opened using the TOR network for any other reason, without the need to install and configure TOR on the client, this tutorial may be useful.
 
Decided to check once again and there are still those errors! Man how is that possible? I just have no idea!

I just added logger into it to see what happens and now I'm totally confused!
Bash:
dig +short $line @localhost | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("logger " $1 " && if ipset --test unblock " $1 " | grep NOT; then ipset -q --add unblock " $1 "; fi")}'
I executed the script several times without any changes made and this is what I got in the log:
Bash:
Jul 21 09:50:40 admin: unblock_ipset.sh: start
Jul 21 09:50:40 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:40 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:40 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:40 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:40 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:40 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:40 admin: 93.186.225.208
Jul 21 09:50:40 admin: 87.240.137.158
Jul 21 09:50:40 admin: 87.240.190.72
Jul 21 09:50:40 admin: 87.240.190.78
Jul 21 09:50:40 admin: 87.240.190.67
Jul 21 09:50:40 admin: 87.240.139.194
Jul 21 09:50:40 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:40 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 admin: 80.239.201.101
Jul 21 09:50:41 admin: 149.5.244.233
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 admin: 87.250.250.242
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 admin: 87.250.250.50
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 admin: 94.100.180.201
Jul 21 09:50:41 admin: 3.120.25.179
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 admin: 217.20.147.1
Jul 21 09:50:41 admin: 217.20.155.13
Jul 21 09:50:41 admin: 5.61.23.11
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:41 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:50:42 admin: 45.60.34.164
Jul 21 09:50:42 admin: 45.60.40.164
Jul 21 09:50:42 admin: 116.202.120.181
Jul 21 09:50:42 admin: unblock_ipset.sh: finish
Jul 21 09:51:33 admin: unblock_ipset.sh: start
Jul 21 09:51:33 admin: 87.240.139.194
Jul 21 09:51:34 admin: 87.240.190.67
Jul 21 09:51:34 admin: 87.240.190.78
Jul 21 09:51:34 admin: 87.240.190.72
Jul 21 09:51:34 admin: 87.240.137.158
Jul 21 09:51:34 admin: 93.186.225.208
Jul 21 09:51:34 admin: 149.5.244.233
Jul 21 09:51:34 admin: 80.239.201.101
Jul 21 09:51:34 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:51:34 admin: 87.250.250.242
Jul 21 09:51:34 admin: 87.250.250.50
Jul 21 09:51:34 admin: 3.120.25.179
Jul 21 09:51:34 admin: 94.100.180.201
Jul 21 09:51:34 admin: 5.61.23.11
Jul 21 09:51:34 admin: 217.20.155.13
Jul 21 09:51:34 admin: 217.20.147.1
Jul 21 09:51:34 admin: 45.60.40.164
Jul 21 09:51:34 admin: 45.60.34.164
Jul 21 09:51:35 admin: 116.202.120.181
Jul 21 09:51:35 admin: unblock_ipset.sh: finish
Jul 21 09:53:57 admin: unblock_ipset.sh: start
Jul 21 09:53:57 admin: 93.186.225.208
Jul 21 09:53:57 admin: 87.240.139.194
Jul 21 09:53:57 admin: 87.240.190.67
Jul 21 09:53:57 admin: 87.240.190.78
Jul 21 09:53:57 admin: 87.240.190.72
Jul 21 09:53:57 admin: 87.240.137.158
Jul 21 09:53:57 admin: 80.239.201.101
Jul 21 09:53:57 admin: 149.5.244.233
Jul 21 09:53:58 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:53:58 admin: 87.250.250.242
Jul 21 09:53:58 admin: 87.250.250.50
Jul 21 09:53:58 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:53:58 dnsmasq[1297]: failed to update ipset unblock: File exists
Jul 21 09:53:58 admin: 3.120.25.179
Jul 21 09:53:58 admin: 94.100.180.201
Jul 21 09:53:58 admin: 217.20.147.1
Jul 21 09:53:58 admin: 5.61.23.11
Jul 21 09:53:58 admin: 217.20.155.13
Jul 21 09:53:58 admin: 45.60.34.164
Jul 21 09:53:58 admin: 45.60.40.164
Jul 21 09:53:58 admin: 116.202.120.181
Jul 21 09:53:58 admin: unblock_ipset.sh: finish

so I added more logger like this:
Bash:
logger "1"
  dig +short $line @localhost | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("logger " $1 " && if ipset --test unblock " $1 " | grep NOT; then logger adding " $1 " && ipset -q --add unblock " $1 "; fi")}'
logger "2"
Then I executed
Bash:
ipset --flush
And then I executed script several times
Bash:
Jul 21 10:22:46 admin: unblock_ipset.sh: start
Jul 21 10:22:46 admin: 1
Jul 21 10:22:46 admin: 87.240.190.72
Jul 21 10:22:46 admin: 87.240.190.67
Jul 21 10:22:46 admin: 87.240.139.194
Jul 21 10:22:46 admin: 87.240.137.158
Jul 21 10:22:46 admin: 93.186.225.208
Jul 21 10:22:46 admin: 87.240.190.78
Jul 21 10:22:46 admin: 2
Jul 21 10:22:46 admin: 1
Jul 21 10:22:47 admin: 149.5.244.203
Jul 21 10:22:47 admin: 80.239.201.100
Jul 21 10:22:47 admin: 2
Jul 21 10:22:47 admin: 1
Jul 21 10:22:47 admin: 87.250.250.242
Jul 21 10:22:47 admin: 2
Jul 21 10:22:47 admin: 1
Jul 21 10:22:47 admin: 87.250.250.50
Jul 21 10:22:47 admin: adding 87.250.250.50
Jul 21 10:22:47 admin: 2
Jul 21 10:22:47 admin: 1
Jul 21 10:22:47 admin: 94.100.180.201
Jul 21 10:22:47 admin: 3.120.25.179
Jul 21 10:22:47 admin: 2
Jul 21 10:22:47 admin: 1
Jul 21 10:22:47 admin: 5.61.23.11
Jul 21 10:22:47 admin: adding 5.61.23.11
Jul 21 10:22:47 admin: 217.20.147.1
Jul 21 10:22:47 admin: adding 217.20.147.1
Jul 21 10:22:47 admin: 217.20.155.13
Jul 21 10:22:47 admin: adding 217.20.155.13
Jul 21 10:22:47 admin: 2
Jul 21 10:22:47 admin: 1
Jul 21 10:22:47 admin: 45.60.40.164
Jul 21 10:22:47 admin: adding 45.60.40.164
Jul 21 10:22:47 admin: 45.60.34.164
Jul 21 10:22:47 admin: adding 45.60.34.164
Jul 21 10:22:47 admin: 2
Jul 21 10:22:48 admin: 1
Jul 21 10:22:48 admin: 116.202.120.181
Jul 21 10:22:48 admin: adding 116.202.120.181
Jul 21 10:22:48 admin: 2
Jul 21 10:22:48 admin: unblock_ipset.sh: finish
Jul 21 10:22:49 admin: unblock_ipset.sh: start
Jul 21 10:22:49 admin: 1
Jul 21 10:22:50 admin: 87.240.190.78
Jul 21 10:22:50 admin: 93.186.225.208
Jul 21 10:22:50 admin: 87.240.137.158
Jul 21 10:22:50 admin: 87.240.139.194
Jul 21 10:22:50 admin: 87.240.190.67
Jul 21 10:22:50 admin: 87.240.190.72
Jul 21 10:22:50 admin: 2
Jul 21 10:22:50 admin: 1
Jul 21 10:22:50 admin: 80.239.201.100
Jul 21 10:22:50 admin: 149.5.244.203
Jul 21 10:22:50 admin: 2
Jul 21 10:22:50 admin: 1
Jul 21 10:22:50 admin: 87.250.250.242
Jul 21 10:22:50 admin: 2
Jul 21 10:22:50 admin: 1
Jul 21 10:22:50 admin: 87.250.250.50
Jul 21 10:22:50 admin: 2
Jul 21 10:22:50 admin: 1
Jul 21 10:22:50 admin: 3.120.25.179
Jul 21 10:22:50 admin: 94.100.180.201
Jul 21 10:22:50 admin: 2
Jul 21 10:22:50 admin: 1
Jul 21 10:22:50 admin: 217.20.155.13
Jul 21 10:22:51 admin: 5.61.23.11
Jul 21 10:22:51 admin: 217.20.147.1
Jul 21 10:22:51 admin: 2
Jul 21 10:22:51 admin: 1
Jul 21 10:22:51 admin: 45.60.34.164
Jul 21 10:22:51 admin: 45.60.40.164
Jul 21 10:22:51 admin: 2
Jul 21 10:22:51 admin: 1
Jul 21 10:22:51 admin: 116.202.120.181
Jul 21 10:22:51 admin: 2
Jul 21 10:22:51 admin: unblock_ipset.sh: finish
Jul 21 10:22:53 admin: unblock_ipset.sh: start
Jul 21 10:22:53 admin: 1
Jul 21 10:22:53 admin: 87.240.190.72
Jul 21 10:22:54 admin: 87.240.190.78
Jul 21 10:22:54 admin: 93.186.225.208
Jul 21 10:22:54 admin: 87.240.137.158
Jul 21 10:22:54 admin: 87.240.139.194
Jul 21 10:22:54 admin: 87.240.190.67
Jul 21 10:22:54 admin: 2
Jul 21 10:22:54 admin: 1
Jul 21 10:22:54 admin: 149.5.244.203
Jul 21 10:22:54 admin: 80.239.201.100
Jul 21 10:22:54 admin: 2
Jul 21 10:22:54 admin: 1
Jul 21 10:22:54 admin: 87.250.250.242
Jul 21 10:22:54 admin: 2
Jul 21 10:22:54 admin: 1
Jul 21 10:22:54 admin: 87.250.250.50
Jul 21 10:22:54 admin: 2
Jul 21 10:22:54 admin: 1
Jul 21 10:22:54 admin: 94.100.180.201
Jul 21 10:22:54 admin: 3.120.25.179
Jul 21 10:22:54 admin: 2
Jul 21 10:22:54 admin: 1
Jul 21 10:22:54 admin: 217.20.147.1
Jul 21 10:22:54 admin: 217.20.155.13
Jul 21 10:22:54 admin: 5.61.23.11
Jul 21 10:22:54 admin: 2
Jul 21 10:22:54 admin: 1
Jul 21 10:22:54 admin: 45.60.40.164
Jul 21 10:22:54 admin: 45.60.34.164
Jul 21 10:22:55 admin: 2
Jul 21 10:22:55 admin: 1
Jul 21 10:22:55 admin: 116.202.120.181
Jul 21 10:22:55 admin: 2
Jul 21 10:22:55 admin: unblock_ipset.sh: finish
What was that error? Why is it gone after ipset --flush? Does anyone have any idea what is going on?
It's not a big deal, all works as expected since I configured this years ago, I was just trying to clean up the log and understand what the hell this error is :)
 
Last edited:
Well, IDK about your question, but I'm from Ukraine and we have a list of domains that ISPs must block because of a government decision. In Russia there is even a federal executive agency called Roskomnadzor that forces ISPs to block sites. So for those who have a similar problem or just want certain sites to be opened using the TOR network for any other reason, without the need to install and configure TOR on the client, this tutorial may be useful.
What I mean is that usually "blocking" is done at the DNS level. All that's needed to bypass the block is to use a different DNS server.
 
The script above works great for clients in the LAN, however if you connect to the router via VPN (built-in OpenVPN) the script does not work. I guess there should be another "iptables -t nat..." in the nat-start script to forward requests from VPN clients. Could you please update the script to enable VPN clients to use tor?
 
